The background

According to Rob Behler, a contractor who worked on getting Diebold's electronic voting machines set up for Georgia's 2002 gubernatorial election, these machines are more than just a litte broken. One quarter of them crashed upon booting or shortly after booting.

Behler says Diebold provided no fewer than three patches to fix the problems, without any supervision to make sure they were applied, let alone certified. The first patch didn't work, and neither did the second, so there were three in all. For the record, Diebold denies all of this.

Behler says that when he warned the certifiers of what was going on, Diebold called him in the carpet and forbade him to speak to the certifiers. Later, the vice president of Behler's employer said that Behler was dismissed for lack of performance. When pressed, he looked in Behler's employee file and could find nothing to back that up.

Later, the election resulted in a surprise upset. The losing party have questioned the Diebold voting machines, and with good reason. There is no way to prove that the election was tampered with. And there's no way to prove it wasn't, because these machines keep no paper records.

Meanwhile, conspiracy theories abound concerning the 2002 gubernatorial primary in Florida and the gubernatorial recall last year in California. Diebold machines are featured in many of these rumors.

More than a rumor, election auditors in California say that Diebold had patches installed which had not been certified by the state. Sound familiar?

A pattern of incompetence

The Diebold machines run on version 3.0 of Microsoft's Windows CE. One of the patches was intended to fix problems with Windows CE. As an embedded systems programmer, I find this highly disturbing. Windows CE has a terrible reputation in the industry. It's very likely that Windows CE is to blame for some of the problems with the Diebold voting machines. No competent software developer would ever recommend using it for any mission critical application. The only reason any company will attempt to use it this way is if management has overridden developer's objections and ordered them to use it. What the motive for this may be, I will not speculate, but it must be something other than the desire to produce a quality product.

Diebold is also the maker of an infamous ATM machine that was infected with a computer worm, putting untold customers' money at risk. This ATM was also built on a Microsoft operating system, which is what made it possible for it to get a PC worm. Even worse, it was connected to the Internet, instead of a private network, which would have offered some protection from the countless viruses and worms running loose.

In January 2003 Diebold inadvertently published some of its own secret source code on its FTP server. This gave security experts at John Hopkins and Rice universities the opportunity to study the inner workings of the Diebold voting machines. Their verdict: it's absolute garbage. For example, it's possible for a user of these machines to vote multiple times, and to gain adminsitrator privileges, taking over the machine entirely.

Suppression of the truth

Several ISPs and Internet users have posted private Diebold documents lifted from Diebold's poorly secured servers, and have made them available to the public, to make clear just how incompetent this company is. Diebold's response: to send out cease-and-desist letters, citing copyright violation and the provisions of the Digital Millenium Copyright Act. The Electronic Freedom Foundation and the Online Policy Group, two organizations dedicated to securing free speech on the Internet, responded by suing Diebold. They contend that the information is of vital interest to all American citizens, and thus is covered under fair use.

Why it matters

What is at stake here is nothing less than our way of life. All the security, liberty and prosperity we enjoy as Americans is the result of our democratic process. Without it, we would no better than any of the third world despotisms, where life for the common man is nasty, brutal and short.

Our democratic process depends on reliable counting of the ballots. We can tolerate a few minor failures here and there, such as the dead voting in Chicago, or hanging chads in Florida, but just barely. This is far worse than voter fraud in Chicago, because it's not localized. Diebold is trying to sell these systems anywhere and everywhere it can. And to this day there is still bitterness over the 2000 presidential election. This upcoming election looks like it could be just as close, and whichever side wins, the other side will not be happy. They will look for any excuse at all to question the results, and to harbor bitterness for years afterward. If this company with its reputation is involved in any way, there will be no end of it.

There are groups that support these voting machines and angrily denounce any attempt to remove them, on the grounds that blind voters will not be able to vote privately using traditional methods, and therefore need these machines. This is a false dilemma. The problem is not electronic voting machines as such. The problem is these particular machines made by this particular company. There are other sources for such machines, such as AccuPoll Holdings and TruVote International, whose reputations are unsullied by controversy.

I would note in passing that Diebold has made substantial donations to the National Federation of the Blind and to the League of Women Voters, both of which have carried water for Diebold. The League of women Voters has since altered its stance in response to the protests of its own members.

What to do

We must ban Diebold now from our electoral process. Not just this machine or this version of software. We must ban the company that caused this mess and will cause it again given the chance.

It's not enough to modify these devices to create a paper record, as the state of Ohio is calling for. How can we dare trust anything that comes out of a machine made by a company with such a pattern of bhavior? At this point, a paper record would be nothing but a whitewash to cover up the real issue. The real issue is that these machines are the broken result of a broken development process from a broken corporate culture. It's not enough to try to patch these things and then certify the patch. As a software developer of many years standing, I can tell you that when a system has this many problems, it is beyond any such quick fix. It is dysfunctional. Bugs happen, but bugs don't happen at this scale unless something has gone wrong with the development process from the very start.

Finally, it's not enough to ban Diebold machines locally, as California has recently done. Wherever these machines are used, faith in our democratic process will be undermined. In this age of deep ideological division, where political rivalry has degenerated into personal acrimony, we can ill afford any doubt about the fairness of elections. Let your elected representatives know. Let them know at all levels, local, state and federal, that we object to these machines, that there is no way we can be made to have faith in them, and that they must go. We have an election coming up in November. I don't know if we can get a nationwide ban in place in time. But better late than never. If we make our objections clear now, we can keep these machines out of future elections. For this November, we'll simply have to hope for the best.

There is no margin of error, let alone a margin great enough to tolerate such a pattern of ineptitude as Diebold has displayed. There is too much at stake. Diebold cannot be trusted. Ever.